----- Forwarded message from Patrick Georgi <patrick@georgi-clan.de> ----- Date: Fri, 20 Sep 2013 13:49:49 +0200 From: Patrick Georgi <patrick@georgi-clan.de> To: coreboot@coreboot.org Subject: Re: [coreboot] [liberationtech] Fwd: Firefox OS with built in support for OpenPGP encryption User-Agent: Roundcube Webmail/0.9.2 Am 2013-09-20 11:51, schrieb Eugen Leitl:
The Intel Atom-based MinnowBoard is a new UEFI dev platform, and it's Linux-based, and targets hackers; it uses Intel's definition of "Open Hardware", mainly meaning no NDAs involved. It is much cheaper and smaller than the above box. http://minnowboard.org/ http://uefidk.intel.com/content/minnowboard-uefi-firmware To wit, its download page is guarded by a long, non-free EULA: http://uefidk.intel.com/content/minnowboard-uefi-firmware-eula Some of the components also seem to be binary-only.
Both of these boxes let you reflash your system firmware with your custom build of BSD-licensed TianoCore UEFI. BSD-licensed TianoCore + heaps of binary modules that are currently only available under NDA. They'd also require some additional code (probably binary only?) to make Tiano resembling something like a complete and secure implementation.
<soapbox> There is a large OEM/ODM/IBV/IHV/ISV ecosystem that currently runs the hardware, and it is UEFI-centric. IMO, focusing only on fringe Lemote/Coreboot technology is not a good bet. coreboot is your only bet on x86 if you aim for open source firmware. It can be combined with TianoCore to provide the UEFI APIs to the user (read: Operating System), but TianoCore alone won't do since it lacks hardware initialization drivers (that coreboot provides).
Personally, I wish EFF/FSF and other open/free tech groups would form a Linaro-like firmware group and produce their own UEFI firmware image, as an option for OEMs. Personally, I wish people wouldn't wish for someone else to start groups, but do it themselves for a change.
There needs to be some Free Boot alternative to Secure Boot, with certs from EFF/FSF/etc and the open source distro vendors, not just OEMs/MSFT in the firmware, and it needs to target booting from a handful of main open source distros, not just 1 commercial OS. Else, UEFI will turn Personal Computers into Windows PCs, ending the era of General Purpose computing. "main open source distros" is not enough since it creates a gatekeeper model. "Secure Boot" (which is really a Verified Boot) without
However that brings the risk of seeing that things aren't quite as simple and might ultimately fail. Of course, soapboxes and arm chairs are much more comfortable and comparably risk-free. physical user override doesn't cut it. ChromeBooks, using coreboot, provide a mostly* Open Source Verified Boot model with physical user override (with two override modes: safe via dev mode switch, and complete via jumper). * (blame Intel) tl;dr: Comparing coreboot, Lemote, UEFI and Tianocore isn't as easy as people seem to believe. Regards, Patrick -- coreboot mailing list: coreboot@coreboot.org http://www.coreboot.org/mailman/listinfo/coreboot ----- End forwarded message ----- -- Eugen* Leitl <a href="http://leitl.org">leitl</a> http://leitl.org ______________________________________________________________ ICBM: 48.07100, 11.36820 http://ativel.com http://postbiota.org AC894EC5: 38A5 5F46 A4FF 59B8 336B 47EE F46E 3489 AC89 4EC5